mirror of
https://github.com/Unleash/unleash.git
synced 2025-01-11 00:08:30 +01:00
47 lines
1.2 KiB
JavaScript
47 lines
1.2 KiB
JavaScript
'use strict';
|
|
|
|
const MissingPermission = require('./missing-permission');
|
|
|
|
const ADMIN = 'ADMIN';
|
|
const CREATE_FEATURE = 'CREATE_FEATURE';
|
|
const UPDATE_FEATURE = 'UPDATE_FEATURE';
|
|
const DELETE_FEATURE = 'DELETE_FEATURE';
|
|
const CREATE_STRATEGY = 'CREATE_STRATEGY';
|
|
const UPDATE_STRATEGY = 'UPDATE_STRATEGY';
|
|
const DELETE_STRATEGY = 'DELETE_STRATEGY';
|
|
const UPDATE_APPLICATION = 'UPDATE_APPLICATION';
|
|
|
|
function requirePermission(permission) {
|
|
return (req, res, next) => {
|
|
if (
|
|
req.user &&
|
|
req.user.permissions &&
|
|
(req.user.permissions.indexOf(ADMIN) !== -1 ||
|
|
req.user.permissions.indexOf(permission) !== -1)
|
|
) {
|
|
return next();
|
|
}
|
|
return res
|
|
.status(403)
|
|
.json(
|
|
new MissingPermission({
|
|
permission,
|
|
message: `You require ${permission} to perform this action`,
|
|
})
|
|
)
|
|
.end();
|
|
};
|
|
}
|
|
|
|
module.exports = {
|
|
requirePermission,
|
|
ADMIN,
|
|
CREATE_FEATURE,
|
|
UPDATE_FEATURE,
|
|
DELETE_FEATURE,
|
|
CREATE_STRATEGY,
|
|
UPDATE_STRATEGY,
|
|
DELETE_STRATEGY,
|
|
UPDATE_APPLICATION,
|
|
};
|